By proactively conducting threat research, segmenting networks and deploying proper security hygiene, critical infrastructure providers will be better prepared to identify threats, secure networks against them and mitigate any resulting damage.
Across the globe, societies rely on complex and automated critical infrastructure to ensure essential services and functions remain operational. In the United States, the Department of Homeland Security has identified 16 critical infrastructure sectors that, if debilitated, would have a significant impact on national security, economic growth, public safety and more.
These infrastructures contain connected devices and systems that are essential for maintaining operations. They are also lucrative targets in the eyes of cybercriminals. With an estimated 20.5 billion network-connected devices projected to be incorporated into critical infrastructure architectures by 2020, the growing risk of cyberattacks and the potential damage a successful attack can cause are drastically rising.
With this in mind, operations control and network security teams need effective security measures that are not only capable of combatting today’s modern threats but can do so safely inside critical and highly sensitive operational technology (OT) environments. In this effort, understanding the vulnerabilities of critical infrastructure networks -- whether they are owned and operated in the private or public sector -- the current cyberthreats targeting them and the cybersecurity efforts aimed at mitigating these threats can drastically decrease the likelihood of a successful cyberattack.
Modern vulnerabilities across critical infrastructure sectors
As the Global Threat Research for Q2 2018 report indicated, cybercriminals are increasingly targeting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) elements. But, why are cybercriminals focusing their efforts on critical infrastructure networks? There are a number of factors at play. The first is that once the perimeter is breached, OT networks tend to be less secure; they tend to run older, unpatched versions of hardware and software, and attacks can make a significant impact, whether as cybercriminals ransoming critical systems or as cyberterrorists achieving political ends by disrupting services or putting individuals at risk. Here are some specific examples:
Human error and susceptibility: One of the most prominent vulnerabilities within critical infrastructure networks comes in the form of human error. Since OT networks have traditionally been isolated from online access, critical OT devices often employ default or well-known usernames and passwords that aren’t frequently changed. As a result, these devices are easily exploited. This fact is emphasized across the dark web, a prominent and growing market for leaked credentials.
Hesitation to conduct vulnerability testing: Testing the vulnerabilities of critical ICS devices and architectures makes sense, because it boils down to beating cybercriminals at their own game: hacking ICS elements before the bad actors do. Unfortunately, this process can adversely affect the performance of critical infrastructure. Even patching updates or tack-on security solutions can hinder the efficiency of critical infrastructure. As a result, many IT professionals tasked with managing critical infrastructure have adopted an “if it’s not broken, don’t fix it” mentality, leaving them vulnerable to an increasing number of attack vectors the longer a network remains untouched.
Many SCADA systems are connected with unique IPs: Modern SCADA systems are implemented across a wide, distributed network and rely on open protocols like multicast to perform their necessary functions. However, in order to receive these protocols and subsequently carry out their functions, SCADA systems also rely on unique IP connections. This leaves them vulnerable to unauthorized access from control software via phishing or malware and opens them up to packet access across those network segments that house SCADA systems.
Once they've penetrated critical infrastructure, cybercriminals can carry out several kinds of attacks:
Smokescreen attacks from malicious nation-states: Attacking infrastructure critical to day-to-day operations is often viewed as a precursor to warfare. This is because successful attacks make for incredibly effective smokescreens. The loss of power or water, or a stock market collapse, provides a distraction for more targeted physical or cyber-based attacks.
Ransomware: The health care sector made headlines following successful cyberattacks targeting critical infrastructure needed for patient care. Cybercriminals leveraged the SamSam and WannaCry ransomware variants to hold hospitals hostage in exchange for cryptocurrency.
Cryptojacking: The recent spike in value of cryptocurrencies like Bitcoin and Ethereum have also led to a significant increase in cryptojacking attacks. These attacks, which deploy malware to leach CPU power from network-connected devices, can have a significant impact on processing power and system efficiency. Given the high number of devices essential to critical infrastructure operations, and the fact that they are often easier to exploit, cybercriminals have begun to target the OT and internet-of-things devices found in critical infrastructure.
Securing critical infrastructure sectors against modern cyberthreats
For IT professionals in critical infrastructure sectors, cybersecurity efforts must be aligned with the current threats targeting them. Additionally, the appropriate strategies and solutions to effectively mitigate those threats must be deployed across the network. As the old saying goes, cybercriminals only need to get an attack right once, while cybersecurity teams have to maintain effective security posture 100 percent of the time.
With this in mind, cybersecurity professionals should consider the following best practices to ensure that critical infrastructure is maintained and modern cyberthreats are effectively identified and addressed:
Threat research: The first and arguably most important method for preventing a critical infrastructure attack is threat research. Understanding the known vulnerabilities, exploit advisories and specific intrusion or detection signatures that have been observed across the threat landscape can go a long way toward efficiently preventing attacks. Additionally, it’s beneficial to understand the processes cybercriminals leverage when exploiting known vulnerabilities. When cybersecurity professionals understand the specific techniques being used against known vulnerabilities, they’ll be better prepared to address newer exploits targeting those vulnerabilities.
Comprehensive network segmentation: Given the staggering number of OT, IoT, ICS and SCADA elements that make up critical infrastructures, it’s essential that the internal segmentation functionality available in some next-generation firewalls be deployed across the network. Not only will such logical segmentation mitigate the damage a successful attack can cause, but it will also serve as a deterrent against cybercriminals expecting an easily exploited target.
Proper security hygiene: Poor security hygiene is one of the most common causes of successful cyberattacks within critical infrastructure. Cybercriminals leverage a variety of techniques like phishing and drive-by downloads for quick and easy entryways into networks. By ensuring a more stringent cadence for maintaining security posture, the chances of socially engineered scams, accidental insider threats and malware-based attacks dramatically decrease.
Additionally, cybersecurity personnel should begin to move away from the aforementioned “if it isn’t broken, don’t fix it” mentality. Modern cybercriminals are constantly looking for new vulnerabilities and exploits. To secure a network, vulnerability testing and proper patching must be conducted consistently.
Cybercriminals increasingly regard critical infrastructure as an easy target. Due to the unique vulnerabilities found within ICS, that makes sense. In order to secure the network elements needed for efficient operations, it’s crucial that cybersecurity personnel understand the threat vectors found across their network architecture and the common cyberthreats targeting them.
By proactively conducting threat research, segmenting networks and deploying proper security hygiene, public- and private-sector organizations across critical infrastructure sectors will be better prepared to identify threats, secure networks against them and mitigate any resulting damage.